
gamezdoka.org removal


  • This topic is locked
16 replies to this topic

#1 wlau


Posted 25 November 2014 - 10:56 AM

Hi, my com is affected by the gamezdoka spyware and I can't seem to remove it.

This is my log scanned with FRST

Thanks a lot guys. Will be making a donation!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by awloong (administrator) on ADENAU on 25-11-2014 23:47:17
Running from C:\Users\awloong\Downloads
Loaded Profile: awloong (Available profiles: awloong)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\HotkeyService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\OfficeScan Client\PccNTMon.exe
(Telegram Messenger LLP) C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe
() C:\Program Files (x86)\Hotkey\hkysound.exe
(Apple Inc.) C:\Games\itunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4681216 2014-01-02] (VIA)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe [1340720 2009-09-08] (Trend Micro Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Games\itunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Spotify Web Helper] => C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-13] (Spotify Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [GoogleChromeAutoLaunch_31BAE31735360A836BC0E93856C18F3A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-15] (Google Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.xin.msn.com/
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB283D869EE9DCF01
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG,en;q=0.8,zh-Hans-SG;q=0.5,zh-Hans;q=0.3
SearchScopes: HKU\S-1-5-21-429218106-2658364167-3459249354-1003 -> DefaultScope {5828D414-C200-4750-90A9-2E9A406455E7} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
SearchScopes: HKU\S-1-5-21-429218106-2658364167-3459249354-1003 -> {5828D414-C200-4750-90A9-2E9A406455E7} URL = https://sg.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=282369&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Games\itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> google.com__
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Drive) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (YouTube) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-04]
CHR Extension: (GOM Web-VPN) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-08-12]
CHR Extension: (Google Search) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-04]
CHR Extension: (Momentum) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2014-09-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR Extension: (Gmail) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-07] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-07] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-04] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-01-16] () [File not signed]
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe [105448 2014-08-28] (Razer Inc.)
S3 TunngleService; E:\aden's\Games\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-07] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-04] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [445656 2013-11-08] (Realsil Semiconductor Corporation)
S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [33456 2013-12-16] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 23:47 - 2014-11-25 23:47 - 00020937 _____ () C:\Users\awloong\Downloads\FRST.txt
2014-11-25 23:45 - 2014-11-25 23:46 - 02118144 _____ (Farbar) C:\Users\awloong\Downloads\FRST64.exe
2014-11-22 21:47 - 2014-11-22 21:47 - 00002296 _____ () C:\Users\awloong\Downloads\BOSS_Class_Timetable_UGRD_1410 (1).csv
2014-11-21 14:01 - 2014-11-21 14:01 - 00457554 _____ () C:\Users\awloong\Downloads\lecture11 (1).pptx
2014-11-19 20:16 - 2014-11-19 20:16 - 01717235 _____ () C:\Users\awloong\Downloads\lecture10 (1).pptx
2014-11-19 19:11 - 2014-10-04 03:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-19 19:11 - 2014-10-04 03:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-19 16:06 - 2014-11-10 07:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:06 - 2014-11-10 07:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:06 - 2014-11-10 07:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:06 - 2014-11-10 07:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 12:38 - 2014-11-19 12:38 - 00007602 _____ () C:\Users\awloong\AppData\Local\Resmon.ResmonCfg
2014-11-17 11:53 - 2014-11-17 11:53 - 00082495 _____ () C:\Users\awloong\Desktop\wlau.2014.rar
2014-11-17 11:48 - 2014-11-17 11:48 - 00000000 ____D () C:\Users\awloong\Desktop\wlau.2014
2014-11-16 19:08 - 2014-11-16 19:08 - 01080496 _____ (Unity Technologies ApS) C:\Users\awloong\Downloads\UnityWebPlayer.exe
2014-11-14 23:24 - 2014-09-15 23:24 - 00000032 ____R () C:\Users\awloong\hash.dat
2014-11-14 22:34 - 2014-11-14 22:34 - 00000207 _____ () C:\Users\awloong\Desktop\Spiral Knights.url
2014-11-14 18:12 - 2014-11-14 18:12 - 00008161 _____ () C:\Users\awloong\Downloads\buggy2014-1.zip
2014-11-14 18:10 - 2014-11-14 18:12 - 00000000 ____D () C:\Users\awloong\Downloads\week13
2014-11-14 18:10 - 2014-11-14 18:10 - 00174380 _____ () C:\Users\awloong\Downloads\week13.zip
2014-11-13 11:50 - 2014-11-13 11:50 - 00000000 ____D () C:\Users\awloong\Documents\KONAMI
2014-11-13 11:50 - 2014-11-13 11:50 - 00000000 ____D () C:\ProgramData\KONAMI
2014-11-12 19:09 - 2014-11-12 19:09 - 02666267 _____ () C:\Users\awloong\Downloads\3747549.flv
2014-11-12 19:06 - 2014-11-12 19:06 - 03394012 _____ () C:\Users\awloong\Downloads\3747540.flv
2014-11-12 19:00 - 2014-11-12 19:00 - 45436119 _____ () C:\Users\awloong\Downloads\3722022_hd.flv
2014-11-12 13:02 - 2014-09-22 12:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 13:02 - 2014-09-22 11:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 13:02 - 2014-09-22 11:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 13:02 - 2014-09-22 10:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 13:02 - 2014-09-19 08:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 13:02 - 2014-09-03 06:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 13:02 - 2014-09-03 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 13:01 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 13:01 - 2014-11-04 08:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 13:01 - 2014-10-31 13:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:01 - 2014-10-31 12:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-12 13:01 - 2014-10-31 12:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 13:01 - 2014-10-31 12:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-12 13:01 - 2014-10-13 10:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 13:01 - 2014-10-11 08:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:01 - 2014-10-11 08:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:01 - 2014-10-08 15:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 13:01 - 2014-10-08 15:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 13:01 - 2014-10-08 14:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 13:01 - 2014-10-08 13:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 13:01 - 2014-10-08 13:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 13:01 - 2014-09-27 15:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 13:01 - 2014-09-27 13:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 13:01 - 2014-09-27 11:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:01 - 2014-09-27 11:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 13:01 - 2014-09-27 11:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:00 - 2014-10-31 13:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 13:00 - 2014-10-31 13:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 13:00 - 2014-10-31 13:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 13:00 - 2014-10-31 13:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 13:00 - 2014-10-31 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 13:00 - 2014-10-31 13:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:00 - 2014-10-31 13:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:00 - 2014-10-31 13:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 13:00 - 2014-10-31 13:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:00 - 2014-10-31 12:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:00 - 2014-10-31 12:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:00 - 2014-10-31 12:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 13:00 - 2014-10-31 12:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:00 - 2014-10-31 12:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 13:00 - 2014-10-31 12:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 13:00 - 2014-10-31 12:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:00 - 2014-10-31 12:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:00 - 2014-10-31 12:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:00 - 2014-10-31 12:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:00 - 2014-10-31 12:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 13:00 - 2014-10-31 12:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:00 - 2014-10-31 12:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:00 - 2014-10-31 12:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 13:00 - 2014-10-31 12:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 13:00 - 2014-10-31 12:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 13:00 - 2014-10-31 12:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:00 - 2014-10-31 12:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:00 - 2014-10-31 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 13:00 - 2014-10-31 12:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 13:00 - 2014-10-31 12:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:00 - 2014-10-31 12:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 13:00 - 2014-10-31 12:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 13:00 - 2014-10-31 12:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 13:00 - 2014-10-31 12:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:00 - 2014-10-31 12:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:00 - 2014-10-31 12:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:00 - 2014-10-31 12:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:00 - 2014-10-31 11:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:00 - 2014-10-31 11:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:00 - 2014-10-31 11:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 13:00 - 2014-10-31 11:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:00 - 2014-10-31 11:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 13:00 - 2014-10-31 11:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:00 - 2014-10-31 11:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 13:00 - 2014-10-31 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 13:00 - 2014-10-31 11:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 13:00 - 2014-10-31 11:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 13:00 - 2014-10-31 11:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 13:00 - 2014-10-31 11:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:00 - 2014-10-31 11:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 13:00 - 2014-10-31 11:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:00 - 2014-10-31 11:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 13:00 - 2014-10-31 11:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:00 - 2014-10-31 11:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:00 - 2014-10-31 11:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:00 - 2014-10-31 11:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:00 - 2014-10-31 11:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:00 - 2014-10-31 11:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:00 - 2014-10-31 11:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 13:00 - 2014-10-31 11:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:00 - 2014-10-31 11:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 13:00 - 2014-10-31 11:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 13:00 - 2014-10-31 11:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:00 - 2014-10-31 11:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:00 - 2014-10-31 11:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 13:00 - 2014-10-31 11:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:00 - 2014-10-31 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 13:00 - 2014-10-31 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:00 - 2014-10-31 10:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 13:00 - 2014-10-31 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:00 - 2014-10-31 10:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 13:00 - 2014-10-31 10:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:00 - 2014-10-31 10:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 13:00 - 2014-10-31 10:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:00 - 2014-10-31 10:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 13:00 - 2014-10-31 10:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 13:00 - 2014-10-31 10:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:00 - 2014-10-31 10:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:00 - 2014-10-31 10:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:00 - 2014-10-31 10:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:00 - 2014-10-31 10:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 13:00 - 2014-10-31 10:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 13:00 - 2014-10-31 10:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:00 - 2014-10-31 10:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:00 - 2014-10-31 10:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 12:59 - 2014-10-10 09:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 12:59 - 2014-10-10 09:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 12:59 - 2014-10-10 09:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 12:59 - 2014-10-08 15:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 12:59 - 2014-10-08 15:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 12:59 - 2014-10-08 15:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 12:59 - 2014-10-08 15:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 12:59 - 2014-10-08 14:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 12:59 - 2014-10-08 14:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 12:59 - 2014-10-08 14:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 12:59 - 2014-10-08 14:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 12:59 - 2014-10-08 14:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 12:59 - 2014-10-08 13:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 12:58 - 2014-10-23 13:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 12:58 - 2014-10-23 13:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 12:58 - 2014-10-18 17:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 12:58 - 2014-10-18 16:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 12:58 - 2014-10-18 16:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 12:58 - 2014-10-18 15:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 12:58 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 12:58 - 2014-10-18 14:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 12:58 - 2014-10-18 14:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 12:58 - 2014-10-18 14:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 12:58 - 2014-10-18 14:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 12:58 - 2014-10-18 14:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 12:58 - 2014-10-18 14:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 12:58 - 2014-10-18 14:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 12:58 - 2014-10-18 14:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 12:58 - 2014-10-18 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 12:58 - 2014-10-18 14:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 12:58 - 2014-10-18 14:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 12:58 - 2014-10-17 15:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 12:58 - 2014-10-17 14:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 12:58 - 2014-10-07 14:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 12:58 - 2014-10-07 14:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 12:58 - 2014-10-07 11:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 12:58 - 2014-10-07 11:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 12:58 - 2014-10-07 11:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 12:58 - 2014-10-07 11:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 12:58 - 2014-10-07 09:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 12:58 - 2014-10-07 09:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 12:58 - 2014-09-08 11:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 12:58 - 2014-09-05 06:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 12:58 - 2014-09-04 11:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 12:58 - 2014-08-31 08:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 12:58 - 2014-08-31 06:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 12:58 - 2014-08-31 05:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 12:58 - 2014-08-28 10:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 12:58 - 2014-08-23 13:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 12:58 - 2014-08-23 13:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 12:58 - 2014-08-23 13:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 12:58 - 2014-08-23 12:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 12:57 - 2014-09-10 14:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 12:57 - 2014-09-08 11:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 12:57 - 2014-09-08 06:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 12:57 - 2014-09-05 06:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 12:57 - 2014-09-04 10:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 12:57 - 2014-09-04 09:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 12:57 - 2014-09-04 08:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 12:57 - 2014-08-31 08:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 12:57 - 2014-08-31 06:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 12:57 - 2014-08-31 05:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 12:57 - 2014-08-31 04:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 12:57 - 2014-08-31 04:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 12:57 - 2014-08-28 08:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 12:57 - 2014-08-28 08:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 12:57 - 2014-08-23 13:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 12:57 - 2014-08-02 08:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 12:57 - 2014-08-02 08:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 17:18 - 2014-11-11 17:23 - 01816618 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited) (2).pptx
2014-11-11 16:03 - 2014-11-11 16:03 - 00457554 _____ () C:\Users\awloong\Downloads\lecture11.pptx
2014-11-11 15:55 - 2014-11-11 15:55 - 00099616 _____ () C:\Users\awloong\Downloads\2013-141-Lab-Test-2.zip
2014-11-11 15:55 - 2014-11-11 15:55 - 00091619 _____ () C:\Users\awloong\Downloads\2013-141-Lab-Test-3.zip
2014-11-11 15:45 - 2014-11-11 15:45 - 01855984 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited) (1).pptx
2014-11-11 15:37 - 2014-11-11 15:37 - 01855984 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited).pptx
2014-11-11 12:18 - 2014-11-11 12:18 - 00006755 _____ () C:\Users\awloong\Downloads\Buggy-1.zip
2014-11-11 12:17 - 2014-11-11 12:17 - 00006884 _____ () C:\Users\awloong\Downloads\DVDRental.zip
2014-11-11 12:17 - 2014-11-11 12:17 - 00006597 _____ () C:\Users\awloong\Downloads\Buggy-2.zip
2014-11-10 12:28 - 2014-11-10 12:28 - 00000882 _____ () C:\Users\awloong\Desktop\Farming Simulator 15.lnk
2014-11-10 12:28 - 2014-11-10 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15
2014-11-10 00:14 - 2014-11-10 00:14 - 00022046 _____ () C:\Users\awloong\Downloads\312C.tmp
2014-11-08 22:18 - 2014-11-08 22:18 - 00000747 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2014-11-08 22:18 - 2014-11-08 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2014-11-08 15:38 - 2014-10-30 12:53 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-08 15:38 - 2014-10-30 12:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00416912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-06 21:47 - 2014-11-06 21:47 - 00027443 _____ () C:\Users\awloong\Downloads\Project.zip
2014-11-06 13:54 - 2014-11-06 13:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-06 01:14 - 2014-11-06 01:14 - 12442499 _____ () C:\Users\awloong\Downloads\102396.flv
2014-11-03 20:31 - 2014-11-03 22:35 - 00036526 _____ () C:\Users\awloong\Downloads\stats survey compiled.xlsx
2014-11-03 19:39 - 2014-11-03 19:39 - 00017755 _____ () C:\Users\awloong\Desktop\stats surveyAden.xlsx
2014-11-03 19:11 - 2014-11-03 19:38 - 00017756 _____ () C:\Users\awloong\Downloads\stats survey.xlsx
2014-11-02 19:56 - 2014-11-02 19:56 - 40953492 _____ () C:\Users\awloong\Downloads\Couple Handjob Masturbation Park Bench 1 & 2 [EDIT ENHANCED] [Konus Konusvue Giant 20x80 & Camera Phone] Approx 50m.avi
2014-11-02 00:54 - 2014-11-02 00:54 - 00012682 _____ () C:\Users\awloong\Desktop\InstagramLikers.xlsx
2014-11-01 21:33 - 2014-11-01 21:33 - 00007837 _____ () C:\Users\awloong\Downloads\TEABAGS2014.xlsx
2014-11-01 21:33 - 2014-11-01 21:33 - 00000165 ____H () C:\Users\awloong\Downloads\~$TEABAGS2014.xlsx
2014-10-30 17:20 - 2014-10-30 23:28 - 00075129 _____ () C:\Users\awloong\Downloads\Data-for-group-project.xlsx
2014-10-30 16:51 - 2014-10-30 17:01 - 00012760 _____ () C:\Users\awloong\Desktop\SIScurriculum.xlsx
2014-10-28 12:41 - 2014-10-28 12:41 - 00000629 _____ () C:\Users\awloong\Downloads\Week11Resources.zip
2014-10-28 11:05 - 2014-10-28 11:05 - 04227463 _____ () C:\Users\awloong\Downloads\Zanetta Joan Sit Deal Or No Deal Intro Video.MP4
2014-10-28 11:04 - 2014-10-28 11:04 - 80042882 _____ () C:\Users\awloong\Downloads\XVRayDIY Car P1130091.MOV
2014-10-28 11:04 - 2014-10-28 11:04 - 09359102 _____ () C:\Users\awloong\Downloads\Melody Low.MP4
2014-10-28 11:04 - 2014-10-28 11:04 - 01752282 _____ () C:\Users\awloong\Downloads\Sex at Alexis jacuzzi side.3gp
2014-10-28 11:03 - 2014-10-28 11:03 - 12083838 _____ () C:\Users\awloong\Downloads\SG Angel Lin Sex Tape - 視頻 - ThisAV.com-世界第一中文成人娛樂網站.flv
2014-10-28 11:03 - 2014-10-28 11:03 - 11041375 _____ () C:\Users\awloong\Downloads\Rebecca Lookalike.mp4
2014-10-28 11:03 - 2014-10-28 11:03 - 01440537 _____ () C:\Users\awloong\Downloads\SG Amanda Toh Sex Tape - 視頻 - ThisAV.com-世界第一中文成人娛樂網站.flv
2014-10-27 02:04 - 2014-10-27 02:04 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ONET Assessment Tools
2014-10-27 02:04 - 2014-10-27 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ONET Assessment Tools
2014-10-27 02:04 - 2014-10-27 02:04 - 00000000 ____D () C:\Program Files (x86)\ONET Assessment Tools
2014-10-27 02:04 - 2001-03-13 13:51 - 01066176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2014-10-27 02:04 - 2001-03-13 13:49 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COMDLG32.OCX
2014-10-27 02:04 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RICHTX32.OCX
2014-10-27 02:04 - 1998-04-24 00:00 - 00368912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbar332.dll
2014-10-27 02:04 - 1996-01-12 00:00 - 00200704 _____ (Sheridan Software Systems, Inc.) C:\Windows\SysWOW64\THREED32.OCX
2014-10-27 02:03 - 2014-10-27 02:03 - 07702194 _____ () C:\Users\awloong\Downloads\CIP_WIP.zip
2014-10-27 01:59 - 2014-10-27 01:59 - 00172544 ____H () C:\Users\awloong\Downloads\~WRL1012.tmp
2014-10-26 12:01 - 2014-10-28 23:22 - 13520080 _____ () C:\Users\awloong\Desktop\The Great Consumer Hustle.pptx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-25 23:47 - 2014-09-13 13:09 - 00000000 ____D () C:\FRST
2014-11-25 23:46 - 2014-06-04 21:53 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Skype
2014-11-25 23:43 - 2014-03-16 18:17 - 02004598 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 23:43 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-25 23:42 - 2014-09-29 22:08 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADENAU-awloong AdenAu
2014-11-25 23:41 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)
2014-11-25 23:41 - 2014-09-05 00:02 - 00000000 ___RD () C:\Users\awloong\Google Drive
2014-11-25 23:41 - 2014-06-05 23:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-25 23:41 - 2014-06-05 01:09 - 00000000 __RDO () C:\Users\awloong\OneDrive
2014-11-25 23:40 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-25 00:33 - 2014-06-07 16:59 - 00000000 ____D () C:\ProgramData\Origin
2014-11-25 00:33 - 2014-06-07 16:02 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\vlc
2014-11-24 23:59 - 2014-06-05 23:39 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-24 17:29 - 2014-06-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-24 07:54 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong\AppData\Local\Packages
2014-11-23 13:11 - 2014-06-04 16:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-1003
2014-11-23 13:00 - 2014-06-05 23:41 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-22 23:32 - 2014-03-16 18:24 - 00892952 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 23:28 - 2014-03-25 13:37 - 00018923 _____ () C:\Windows\setupact.log
2014-11-21 21:00 - 2014-06-05 23:39 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-21 14:05 - 2014-10-15 16:52 - 00000000 ____D () C:\Users\awloong\Desktop\STATS OWN NOTES
2014-11-19 23:56 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-19 23:20 - 2013-08-22 21:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-19 16:19 - 2013-08-22 23:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-19 12:39 - 2014-03-16 19:39 - 00485848 _____ () C:\Windows\PFRO.log
2014-11-18 15:39 - 2014-06-08 01:20 - 00357376 ___SH () C:\Users\awloong\Desktop\Thumbs.db
2014-11-18 12:02 - 2014-06-04 16:55 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\uTorrent
2014-11-18 10:20 - 2014-08-31 17:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-17 23:53 - 2014-06-05 23:54 - 00000000 ____D () C:\Users\awloong\Documents\My Games
2014-11-17 11:53 - 2014-10-07 15:26 - 00000000 ____D () C:\Users\awloong\AppData\Local\WinZip
2014-11-16 11:32 - 2014-06-05 23:39 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 13:33 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Local\Battle.net
2014-11-15 13:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 23:24 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong
2014-11-12 15:27 - 2013-08-22 22:44 - 00481176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:57 - 2014-07-12 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 13:38 - 2014-03-16 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 13:36 - 2014-03-16 18:36 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 22:45 - 2014-06-14 23:51 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Spotify
2014-11-09 22:05 - 2014-06-14 23:53 - 00000000 ____D () C:\Users\awloong\AppData\Local\Spotify
2014-11-08 22:10 - 2014-06-07 17:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-08 22:02 - 2014-05-31 13:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 01:06 - 2014-07-29 23:16 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-07 01:06 - 2014-07-29 23:16 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-07 01:06 - 2014-05-31 13:09 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-07 01:06 - 2014-05-31 13:09 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-06 13:55 - 2014-09-05 00:01 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 13:19 - 2014-10-10 13:29 - 00000000 ____D () C:\Users\awloong\Downloads\telegram
2014-11-03 13:22 - 2014-06-26 18:42 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\NVIDIA
2014-10-31 19:08 - 2014-06-04 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-10-30 19:25 - 2014-03-16 18:33 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 12:53 - 2014-10-02 00:43 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-30 12:53 - 2014-10-02 00:43 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-30 12:53 - 2014-05-31 13:07 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-30 12:53 - 2014-05-31 13:07 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-30 08:55 - 2013-08-22 23:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 08:55 - 2013-08-22 23:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Files to move or delete:
====================
C:\Users\awloong\hash.dat
 
 
Some content of TEMP:
====================
C:\Users\awloong\AppData\Local\Temp\npp.6.6.9.Installer.exe
C:\Users\awloong\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-24 16:57
 
==================== End Of Log ============================



#2 Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,016 posts
  • Gender:Male
  • Location:Germany
  • Local time:03:40 AM

Posted 25 November 2014 - 11:14 AM

======Zoek.exe======

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Download zoek.exe to your desktop
  • If Internet Explorer, any other browser, or a security program issues a warning indicating the file is unsafe, please ignore, since it is a false warning.
Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
    torpigcheck;
    installedprogs;
    uninstall-list;
    srinfo;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your systemdrive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 wlau

  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:40 PM

Posted 27 November 2014 - 07:17 AM

Hi, this is what I got after running zoek.exe.

 

 
Zoek.exe v5.0.0.0 Updated 26-11-2014
Tool run by awloong on Thu 27/11/2014 at 20:04:13.33.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\awloong\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== Older Logs ======================
 
C:\zoek-results2014-11-25-162627.log 7159 bytes
C:\zoek-results2014-11-26-044847.log 126872 bytes
 
==== Torpig Check ======================
 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\FileSystem {217FC9C0-3AEA-1069-A2DB-08002B30309D} %SystemRoot%\system32\shell32.dll 
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\Sharing {40dd6e20-7c17-11ce-a804-00aa003ca9f6} %SystemRoot%\system32\ntshrui.dll 
 
 
==== Installed Programs ======================
 
æTorrent  
64 Bit HP CIO Components Installer  
Airplane Mode Hid Installer  
Apple Application Support  
Apple Mobile Device Support  
Apple Software Update  
Battle.net  
Battlefield 4T  
Battlelog Web Plugins  
Bejeweledr 3  
Bonjour  
Borderlands: The Pre-Sequel  
DAEMON Tools Lite  
DARK SOULST II  
Diablo III  
Don't Starve  
Dota 2  
Dragon Age: Origins  
EA SPORTST FIFA 15  
F1 2014  
Far Cry 4  
Farming Simulator 15  
Google Chrome  
Google Drive  
Google Update Helper  
Hearthstone  
Hotkey 1.17.19  
iCloud  
Insyde Airplane Mode HID Mini-Driver  
Intel® Management Engine Components  
Intel® PRO/Wireless Driver  
Intel® Processor Graphics  
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2)  
Intelr PROSet/Wireless Software  
Intelr PROSet/Wireless WiFi Software  
Intelr Trusted Connect Service Client  
iTunes  
Java 8 Update 20 (64-bit)  
Java Auto Updater  
Java SE Development Kit 8 Update 11 (64-bit)  
Malwarebytes Anti-Malware version 2.0.2.1012  
Microsoft ASP.NET MVC 4 Runtime  
Microsoft Exchange Web Services Managed API 2.1  
Microsoft Office 365 ProPlus - en-us  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219  
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219  
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610  
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610  
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610  
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610  
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005  
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005  
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005  
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005  
Microsoft XNA Framework Redistributable 4.0  
Middle-earth: Shadow of Mordor  
Notepad++  
NVIDIA Control Panel 344.11  
NVIDIA GeForce Experience 2.1.4  
NVIDIA GeForce Experience Service  
NVIDIA Graphics Driver 344.11  
NVIDIA Install Application  
NVIDIA LED Visualizer 1.0  
NVIDIA Network Service  
NVIDIA Optimus Update 16.13.65  
NVIDIA PhysX  
NVIDIA PhysX System Software 9.14.0702  
NVIDIA ShadowPlay 16.13.65  
NVIDIA Update 16.13.65  
NVIDIA Update Core  
NVIDIA Virtual Audio 1.2.26  
O*NET Assessment Tools  
Office 15 Click-to-Run Extensibility Component  
Office 15 Click-to-Run Licensing Component  
Office 15 Click-to-Run Localization Component  
Origin  
Platform  
Razer Cortex  
Razer Synapse 2.0  
Realtek Card Reader  
Realtek Ethernet Controller Driver  
Respondus LockDown Browser  
SHIELD Streaming  
SHIELD Wireless Controller Driver  
SkypeT 6.21  
Sound Blaster Cinema  
Spiral Knights  
Spotify  
Steam  
Sticky Notes  
Synaptics Pointing Device Driver  
Telegram Desktop version 0.6.15  
Terraria  
The Witcher 2 - Assassins of Kings Enhanced Edition  
Tunngle beta  
Update for CHS Microsoft IME HAP Dictionary  
VIA Platform Device Manager  
VLC media player  
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0)  
WinRAR 5.10 beta 4 (64-bit)  
WinZip 18.5  
 
==== Running Processes ======================
 
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Hotkey\HotkeyService.exe
C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hotkey\HkeyTray.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe
C:\Program Files (x86)\Hotkey\hkysound.exe
C:\Games\itunes\iTunesHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Origin\OriginClientService.exe
C:\Games\Steam\Steam.exe
C:\Games\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Games\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\awloong\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
 
==== System Specs ======================
 
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 8112 MB
CPU Info: Intel® Core™ i7-4710MQ CPU @ 2.50GHz
CPU Speed: 2499.0 MHz
Sound Card: Speakers (2- VIA HD Audio(Win8. | 
SPDIF Interface (TX0) (2- VIA H | 
Display Adapters: Intel® HD Graphics 4600 | Intel® HD Graphics 4600 | Intel® HD Graphics 4600
Monitors: 1x; Generic PnP Monitor | 
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: TAP-Win32 Adapter V9 (Tunngle) | Bluetooth Device (Personal Area Network) | Microsoft Wi-Fi Direct Virtual Adapter #2 | Intel® Dual Band Wireless-AC 3160 | Realtek PCIe GBE Family Controller #2
CD / DVD Drives: 2x (D: | F: | ) D: TSSTcorpCDDVDW SN-208FB  | F: DTSOFT  BDROM
Ports: COM Ports NOT Present. LPT Port NOT Present. 
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  118.7GB | E:  931.4GB
Hard Disks - Free: C:  13.2GB | E:  336.7GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | ALASKA - 1072009
Time Zone: Malay Peninsula Standard Time
Motherboard *: Notebook                         W35xSS_370SS
Country: Singapore 
Language: ENE 
 
==== System Specs (Software) ======================
 
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Virus: Trend Micro OfficeScan Antivirus On-access scanning disabled (Outdated)
Anti-Spyware: Trend Micro OfficeScan Anti-spyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Google Chrome 39.0.2171.71
Internet Explorer Version: 11.0.9600.17416 
Google Chrome version: 39.0.2171.71
Sun Java version: 1.8.0_20 (32-bit) 
Sun Java version: 1.8.0_20 (64-bit) 
 
==== Files Recently Created / Modified ======================
 
====== C:\Windows ====
====== C:\Users\awloong\AppData\Local\Temp ====
2014-11-19 11:10:48 76DA9DDE9FA00B767D8316ABCC4D2D4A 28304 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\it-IT\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 745F85E4C5EF97992AB3F9AB5C5EEB15 27792 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\nb-NO\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 72E05DADC2EC223E755EFFE4026777C5 105288 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\zh-CHT\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 729405F7C8160A2A3B00E6CB6C6927E3 28992 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\cs-CZ\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 6FFE4310E162AA153968581B8760C456 91464 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NVIDIA.Win32Api.dll
2014-11-19 11:10:48 6EE74BB7224B4E25890E17ADD5370410 944456 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Network.Service\NVNetworkServiceAPI.dll
2014-11-19 11:10:48 6EC3F3DE76E753B1E5656AD484C3024C 28488 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\de-DE\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 5CC566F8D544CA388A235AF8B5B4CA71 143688 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\th-TH\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 5A6CD210F437E18F8E6A883FFFE52F53 110920 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\es-ES\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 4C80D32EB02E54E552A1A46880CC32F7 624960 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\en-US\NvLedVisualizer.resources.dll
2014-11-19 11:10:48 45E3C99AC77C4155F8ED27D58D64F927 119112 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\ar-AE\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 44DF01525A6C9862CBE8044F201A377F 190312 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\nvinject.dll
2014-11-19 11:10:48 443B32C267B3145F713380BDFC24583F 27976 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\nl-NL\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 3EBB78932BB7DBBB7F83D1809613716A 110920 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\pt-PT\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 3E0C4DECCF18310ABDCF36B143165EEA 622400 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\NvGpuInterface.dll
2014-11-19 11:10:48 3C25B5512664CAD20B2A52D5971EC43E 109896 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\it-IT\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 38DD8CA928DA33F7CD23E9C29DDBFC4E 117064 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\he-IL\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 34674641B0E44AC327BEBC3DC244D621 107336 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\da-DK\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 32D0BA256593236FE0ECBBDEA98B3A76 27792 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\da-DK\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 2C03D0EEC0AF21EDE6C021D4DF907979 28304 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\tr-TR\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 2A1A20DC0D95A7FB4A8407DAF1F8EC7C 108872 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\sl-SI\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 28B90922CD493FD7E7D82DC95EB34753 29504 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\ko-KR\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 25DCF9CCB81A578C831E6D30173C77B9 32064 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\el-GR\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 22F7118D760ECE708027123E10884D0D 109384 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\tr-TR\NVIDIA.GFExperience.Resources.Localization.resources.dll
2014-11-19 11:10:48 1F95F75B8FF6071C3D34FE3E617331DE 34624 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\th-TH\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 1D7D76406CEC17ADFFB4B3CB38E20AD8 177928 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\nvinject.dll
2014-11-19 11:10:48 1CC7846BCC22ACE1390754AED50514B7 18576 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\NvLedVisualizerControl.dll
2014-11-19 11:10:48 18D994C5DFF4CE738FE20385A68F9517 30024 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\ar-SA\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 0B93D89529A28ABFA79BAE2AF70FC17F 28816 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\fr-FR\NvLedVisualizerControl.resources.dll
2014-11-19 11:10:48 0351F18E2E9DBCE0EA1F30588C87F74D 23880 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NVIDIA.Settings.Properties.dll
2014-11-19 11:10:47 E8F2C58E6FD1AFEC5E38709C386C476D 1384776 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginrXP64.dll
2014-11-19 11:10:47 B809B24FCF0381844A05C1485CEA9CB9 1384776 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginr32.dll
2014-11-19 11:10:47 93F974B2181B75F22BCF1A1B706E2D9F 1384776 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginrXP32.dll
2014-11-19 11:10:47 2C15B068520A11AFD64DAFB639DB7BAA 4673864 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPlugin64.dll
2014-11-19 11:10:47 251FE44B03E7AC6FF5B9B3B22D31EEF8 4048200 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginXP64.dll
2014-11-19 11:10:47 182A3F21550FDB38492F901F81278228 1384776 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginr64.dll
2014-11-19 11:10:47 024D908A7C4AC8BE0CA43FD5058BBCCF 3394376 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPluginXP32.dll
2014-11-19 11:10:46 C2F82F16692CCBD77D678DB7D643C116 1071432 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\NvGfeServiceBridge.dll
2014-11-19 11:10:46 B8AE2DB57BA865CD9B51830C72E39CBA 23184 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\NvDashBoardControls.dll
2014-11-19 11:10:46 B803358D23C94E7BFED21BF5A3AA221B 636232 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\nvFBC.dll
2014-11-19 11:10:46 AE548E9AF7C1B93B6C8296E2EBBA5545 534856 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\nvFBC.dll
2014-11-19 11:10:46 906E37FDCE034AF857F8A3BCE9B2E4AD 862536 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Update.Core\NvBackendAPI32.dll
2014-11-19 11:10:46 8F07BF1A6CF6DBCAB6BE260898C1B727 896328 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NVI2\NVDownloader.dll
2014-11-19 11:10:46 7E72A092B3A04B0C3606C6F9F7B06D66 748872 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShieldWirelessController\NVDeviceUtility32.dll
2014-11-19 11:10:46 7B9214E49D25D0F84629134B93988F46 940360 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShieldWirelessController\NVDeviceUtility64.dll
2014-11-19 11:10:46 63C2041C98A22EBD486719DF7718FCBB 1540424 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NvVAD\nvgenco64.dll
2014-11-19 11:10:46 57E904259962D850CB825BAACD3C5C9F 35144 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NvVAD\nvaudcap64v.dll
2014-11-19 11:10:46 2642A1A5F5B94EC80370F7EBE8F58576 907592 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NvVAD\nvgenco32.dll
2014-11-19 11:10:46 1DE9A0C04ADF79CD620A939544E6D2A0 1238344 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Update.Core\NvBackendAPI64.dll
2014-11-19 11:10:46 1595AEC8FAA94F19E5C6B2E3B7604E90 3750216 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\NvGFTrayPlugin32.dll
2014-11-19 11:10:46 03947F576C4209B1CFE7958F2C11B50B 1350984 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\NvGfeServiceBridge.dll
2014-11-19 11:10:45 F731071CE6505638FBEEBCFCE2CD8A35 248136 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\cudart32_55.dll
2014-11-19 11:10:45 F1AC08575663D79EFF702B37E930F02E 18248 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Prism.Interactivity.dll
2014-11-19 11:10:45 EEE0973EA28F088E34D088A1D5CE664B 113992 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.WindowsAPICodePack.dll
2014-11-19 11:10:45 ECCBF41A7B67A78817D1911A61D7E898 51528 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\flame.core.dll
2014-11-19 11:10:45 DBFF79C8362A2728C31FE3F5B919174A 80712 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GridService.dll
2014-11-19 11:10:45 D26B15E38281CB4B725E36D8B25CB9B1 29000 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.EnterpriseLibrary.Validation.Integration.WPF.dll
2014-11-19 11:10:45 C570D08DB6474DEA64ED45DA8EEB10C3 550728 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.WindowsAPICodePack.Shell.dll
2014-11-19 11:10:45 BBEE2402A2BCB9EB7948E980E447E31C 648520 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\gamecaster32.dll
2014-11-19 11:10:45 B9F3F5923E0FC75AE15445190F93CEA0 335688 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.EnterpriseLibrary.Common.dll
2014-11-19 11:10:45 B3772ECB30A669F61A27043213B66924 1152328 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GFExperienceExt.dll
2014-11-19 11:10:45 B0731458280D5868F0F24A125441D80E 30536 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\InstallerUIExtension.dll
2014-11-19 11:10:45 AC87186D2BC4CC18B894563075545030 255816 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\cudart32_65.dll
2014-11-19 11:10:45 A3EDF83725664212B6C21BA23424C61E 297288 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\cudart64_55.dll
2014-11-19 11:10:45 A19D2E390FED8C89DEA76D8537CF4713 146760 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GFExperienceCore.dll
2014-11-19 11:10:45 99597210BC8974C128CC0CC97DEDB8FC 196424 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Update.Core\WLMerger.exe
2014-11-19 11:10:45 95621C1A6CF0D6E539108E9D74321015 32584 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GalaSoft.MvvmLight.Extras.WPF4.dll
2014-11-19 11:10:45 8E54455E8DD102F26073B1A259E7BB23 28488 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.ServiceLocation.dll
2014-11-19 11:10:45 8BA1FF3F6316865AB7FE5ADD0290DA84 707400 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\gamecaster64.dll
2014-11-19 11:10:45 89CE6407F5804C82ED03C8C15E8038A8 36168 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GalaSoft.MvvmLight.WPF4.dll
2014-11-19 11:10:45 851C51790FE252BC4541633FC3A386C2 125256 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Unity.dll
2014-11-19 11:10:45 8460D97D13C9CB1A3620D3F32BB20436 12104 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\detoured.dll
2014-11-19 11:10:45 79C51AC707CB89332B093F6730459991 313160 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\cudart64_65.dll
2014-11-19 11:10:45 76F922640D1B85613147883D0C78DC82 874824 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\MS.NET\MSNetExt.dll
2014-11-19 11:10:45 700F79EDD5CDD4391FC1BD8CCE8F8F52 48968 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Prism.MefExtensions.dll
2014-11-19 11:10:45 6DB3B2C65D4FB6CAF8867B4F449A47BB 393544 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.EnterpriseLibrary.Validation.dll
2014-11-19 11:10:45 6CFAA91E6CC7F64DED3AE34DC49CD19C 866632 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Display.Update\DisplayUpdateExt.dll
2014-11-19 11:10:45 6AE4D71A86037AC9ECA7BA2432BE1CEB 160072 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Prism.dll
2014-11-19 11:10:45 5E8C5037DC86F31ACD8FD8C895C6FBA5 91464 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GFExperience.WebService.dll
2014-11-19 11:10:45 54DABDC7FB599505480734A759552D8C 68424 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\flame.Accounts.dll
2014-11-19 11:10:45 543FB42432757D804EA0DDC6B89070AA 25928 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Prism.UnityExtensions.dll
2014-11-19 11:10:45 5151A895E64F0B97599B1C5E920B2E79 1568072 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\dsetup32.dll
2014-11-19 11:10:45 4F176F4E55B7D99BE9F5A44E80A2A152 412992 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\setup.exe
2014-11-19 11:10:45 3FFF04345CBAA7046E245E5FE5A04A02 87880 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Unity.Configuration.dll
2014-11-19 11:10:45 3D540F6AFF37BF050530A08AD3EDE107 19784 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\InstallerService.dll
2014-11-19 11:10:45 3CE5D0F1FC2127723B3AF13CAC41496F 32584 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NvVAD\nvaudcap32v.dll
2014-11-19 11:10:45 32E390954B2C6B1583A969ED0E7C8A9D 421200 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\msvcp100.dll
2014-11-19 11:10:45 2B92A88E329F4845D31941967A3BAA90 768848 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\msvcr100.dll
2014-11-19 11:10:45 2AF7E05443E3397F3DEF4BBBD70DFED5 1015112 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\DisplayCplExt.dll
2014-11-19 11:10:45 25259D0844D9DCD166B78EE7E9A51E12 51528 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Interop.Shell32.dll
2014-11-19 11:10:45 22C848374BBBFB6338C66FCBF65F80CA 1214280 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\dbghelp.dll
2014-11-19 11:10:45 21B6DCD2EBF11BFCA531DB91A321C182 1171272 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\ExtensionLoader.dll
2014-11-19 11:10:45 1E4C9E33D919A614574C99F64ADBF401 12104 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\detoured.dll
2014-11-19 11:10:45 1B004310EC1538647AC43C1B8CEE750A 464200 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Newtonsoft.Json.dll
2014-11-19 11:10:45 16DADD8AA32795B4FCC5C7381D83110B 97608 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\DSETUP.dll
2014-11-19 11:10:45 0B4890E5B19122E0AFEA46EE3C70D2B9 126792 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\Microsoft.Practices.Unity.Interception.dll
2014-11-19 11:10:45 0088754D561D88F80CC951D883699A0A 238408 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GFExperienceControls.dll
2014-11-19 11:10:43 E3D3E8FBFE0699F1F2A26FE11494D0E7 18182984 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\nvstreamsvc.exe
2014-11-19 11:10:43 DED86DCDB377B63162DB85160C65CACB 3998024 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\x86\server\nvstreamer.exe
2014-11-19 11:10:43 8EB877DD871935DF1074BFF18CB301AB 19819848 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\nvstreamsvc.exe
2014-11-19 11:10:43 4D2F348823D4999EA125F62D2367E3D5 5101384 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\amd64\server\nvstreamer.exe
2014-11-19 11:10:42 D4D0B1B558A91B81B93E7EFE6D26B356 3678024 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\nvspcaps64.exe
2014-11-19 11:10:42 14FEC20B53B5E0A5A34354572B73CA4C 2830152 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\nvspcaps.exe
2014-11-19 11:10:41 BEB10564C6245948B59FDAA7495A02D7 86160 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\NvLedServiceHost.exe
2014-11-19 11:10:41 A4BD13E405AD14B2EE09DCEF574DDD80 1795912 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\NVI2\NVNetworkService.exe
2014-11-19 11:10:41 9EA1D43D68AAAE216CDA9C89CEF24D9E 1795912 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Network.Service\NVNetworkService.exe
2014-11-19 11:10:41 4DD746CD8F9EF8A8D07B13CF21FCEDB6 127296 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\LEDVisualizer\NvLedVisualizer.exe
2014-11-19 11:10:41 3794BF69D2A8DDEAB9610D5094EE044B 638784 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience.NvStreamSrv\SteamLauncher\NVIDIA.SteamLauncher.exe
2014-11-19 11:10:40 EC8C6FDE2CF270A855D9EF8275F2199D 595784 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\7z.exe
2014-11-19 11:10:40 90AC42BBCDF908DD576853CB5CACA761 2464072 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\Update.Core\NvBackend.exe
2014-11-19 11:10:40 53406E9988306CBD4537677C5336ABA4 889416 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\MS.NET\dotNetFx40_Full_setup.exe
2014-11-19 11:10:40 3B3CB003324C55831938BDD04F6B2704 915784 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GfExperienceService\GfExperienceService32.exe
2014-11-19 11:10:40 34E75903D327D9D02AA5F92F87C808EF 1148744 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GfExperienceService\GfExperienceService64.exe
2014-11-19 11:10:40 2F78EDBD488B975765A6E7EBBAB7DB45 520008 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\ShadowPlay\DXSETUP.exe
2014-11-19 11:10:40 16B334D2E6DBA4F9A838A77DF24A521A 4816200 ----a-w- C:\Users\awloong\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\16.13.65.2\GFExperience\GFExperience.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-11-19 11:11:05 3CE5D0F1FC2127723B3AF13CAC41496F 32584 ----a-w- C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-19 08:06:47 66F97677CC13F7B9E2408CC75750A389 208896 ----a-w- C:\Windows\SysWOW64\pku2u.dll
2014-11-19 08:06:47 4CD4C8D34213975444643A5F9594E363 806400 ----a-w- C:\Windows\SysWOW64\kerberos.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-11-19 08:06:47 E87F8EC00FEEF700E61F6989D88A8BC2 991232 ----a-w- C:\Windows\Sysnative\kerberos.dll
2014-11-19 08:06:47 788C7D910267DDCD675DF4AB01961265 259584 ----a-w- C:\Windows\Sysnative\pku2u.dll
====== C:\Windows\Sysnative\drivers =====
2014-11-19 11:11:05 1FE5C1F4CCA8EAEA75C90FB2A85D9CC3 38216 ----a-w- C:\Windows\Sysnative\drivers\nvvad64v.sys
2014-11-12 05:02:05 DE8D12B4C3F55FA2C5E9774314F6C58A 258368 ----a-w- C:\Windows\Sysnative\drivers\WdFilter.sys
2014-11-12 05:02:05 4AD874CDC812EC156265E451B6B09DAB 114496 ----a-w- C:\Windows\Sysnative\drivers\WdNisDrv.sys
2014-11-12 05:02:04 0359607177E5E9F6041136CC0A5CB0B6 35320 ----a-w- C:\Windows\Sysnative\drivers\WdBoot.sys
2014-11-12 04:59:26 9F08A6608F98B5407E7DDBCF306573EF 27456 ----a-w- C:\Windows\Sysnative\drivers\rdpvideominiport.sys
2014-11-12 04:59:26 6D2EE96150E35B9EA49F2B481DE0369A 177472 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-11-12 04:59:26 4E1207CE16E615B0B7A70DC889F4500E 563976 ----a-w- C:\Windows\Sysnative\drivers\cng.sys
2014-11-12 04:58:00 CCB3A2BB60FE5073F2DEA63FE83CF8FE 2497344 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys
2014-11-12 04:57:59 E3FCE2A6B3533D99A3B498504DF9CC47 474432 ----a-w- C:\Windows\Sysnative\drivers\netio.sys
2014-11-12 04:57:58 7F23E38C5B6448F91439E4066645191E 428864 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS
2014-11-12 04:57:58 66732C13628BDB1AB0D6FD46027327C2 148800 -c--a-w- C:\Windows\Sysnative\drivers\USBSTOR.SYS
2014-11-08 07:38:58 5CE6B69D4E1BE1B4D95F86A439A82787 13189832 ----a-w- C:\Windows\Sysnative\drivers\nvlddmkm.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\awloong\AppData\Roaming ======
2014-11-19 04:38:59 3C6034492ED538F24A29E614F58413C2 7602 ----a-w- C:\Users\awloong\AppData\Local\Resmon.ResmonCfg
2014-11-06 05:54:54 -------- d-----w- C:\Users\Default\AppData\Local\Google
====== C:\Users\awloong ======
2014-11-25 15:45:58 7AEDDC1A55682B74EA03E81C1527D8F7 2118144 ----a-w- C:\Users\awloong\Downloads\FRST64.exe
2014-11-16 11:08:18 1675C5B0D12BC28613BFD1E6A5BE9471 1080496 ----a-w- C:\Users\awloong\Downloads\UnityWebPlayer.exe
2014-11-14 15:24:04 8FB072CBA0D3574DB0DA6A04BA85C07A 32 ----a-r- C:\Users\awloong\hash.dat
2014-11-13 03:50:36 -------- d-----w- C:\ProgramData\KONAMI
2014-11-10 04:28:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Farming Simulator 15
2014-11-08 14:18:15 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
 
====== C: exe-files ==
2014-11-27 08:37:53 CC7ED069C2FC82B5B1555C2044C765CC 833728 ----a-w- C:\Program Files (x86)\Common Files\Steam\SteamServiceTmp.exe
2014-11-27 00:59:31 9D83E2859AC027E8C505CB4D1931AF47 1117264 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\39.0.2171.71\39.0.2171.71_39.0.2171.65_chrome_updater.exe
2014-11-25 15:45:58 7AEDDC1A55682B74EA03E81C1527D8F7 2118144 ----a-w- C:\Users\awloong\Downloads\FRST64.exe
2014-11-25 15:42:11 3C7B90403C3016F3209B705B9668633B 4438240 ----a-w- C:\Users\awloong\AppData\Local\NVIDIA\NvBackend\Packages\000068ea\DAO.19085104.exe
2014-11-21 13:24:01 DEB0B124A3470E05C273D90B0B5984C0 426352 ----a-w- C:\Users\awloong\AppData\Local\NVIDIA\NvBackend\Packages\00006819\CoProc update.19076826.exe
=== C: other files ==
 
======== System Restore Points ========
 
RP3: 27/11/2014 9:21:38 AM - Scheduled Checkpoint
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Spotify Web Helper"="C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_31BAE31735360A836BC0E93856C18F3A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CMD"="cmd.exe /c start http://ooov.net && exit"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sound Blaster Cinema"="C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r"
"UpdReg"="C:\Windows\UpdReg.EXE"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
"OfficeScanNT Monitor"="C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe -HideWindow"
"iTunesHelper"="C:\Games\itunes\iTunesHelper.exe"
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun"
"Spotify Web Helper"="C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
"iCloudServices"="C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe"
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe /autostart"
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"GoogleChromeAutoLaunch_31BAE31735360A836BC0E93856C18F3A"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
"CMD"="cmd.exe /c start http://ooov.net && exit"
 
==== Startup Registry Enabled x64 ======================
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r"
"MBCfg64"="C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"NvBackend"="C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
"ShadowPlay"="C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart"
"BTMTrayAgent"="rundll32.exe C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll,TrayApp"
 
==== Startup Folders ======================
 
2014-09-09 15:36:49 1256 ----a-w- C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
2014-03-25 06:09:40 968 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/06/2014 11:39 PM]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/06/2014 11:39 PM]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" ["C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{5B6D457F-B8EE-42D5-8697-DBFC866383FA}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{A13EFC00-82A5-40D9-AD2A-20C976A5B760}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Folders in C:\PROGRA~3 0-6 Months Old ======================
 
2014-06-04 08:11:03 -------- d-----w- C:\PROGRA~3\Razer
2014-06-04 13:53:15 -------- d-----w- C:\PROGRA~3\Skype
2014-06-04 13:55:46 -------- d-----w- C:\PROGRA~3\Apple
2014-06-04 13:56:06 -------- d-----w- C:\PROGRA~3\Apple Computer
2014-06-04 15:52:43 -------- d-----w- C:\PROGRA~3\Mozilla
2014-06-05 07:24:24 -------- d-----w- C:\PROGRA~3\McAfee
2014-06-05 15:54:50 -------- d-----w- C:\PROGRA~3\Orbit
2014-06-07 08:59:37 -------- d-----w- C:\PROGRA~3\Electronic Arts
2014-06-07 08:59:37 -------- d-----w- C:\PROGRA~3\Origin
2014-06-07 13:03:07 -------- d-----w- C:\PROGRA~3\DAEMON Tools Lite
2014-06-07 13:24:18 -------- d-----w- C:\PROGRA~3\Steam
2014-06-07 13:24:19 -------- d-----w- C:\PROGRA~3\Codemasters
2014-06-07 17:48:09 -------- d-----w- C:\PROGRA~3\Microsoft Help
2014-07-19 07:01:54 -------- d-----w- C:\PROGRA~3\cdWorks
2014-08-26 11:22:55 -------- d-----w- C:\PROGRA~3\Battle.net
2014-08-26 11:29:04 -------- d-----w- C:\PROGRA~3\Blizzard Entertainment
2014-08-31 04:01:23 -------- d-----w- C:\PROGRA~3\Oracle
2014-09-10 01:59:25 -------- d-----w- C:\PROGRA~3\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-13 04:39:26 -------- d-----w- C:\PROGRA~3\Malwarebytes
2014-10-07 07:25:58 -------- d-----w- C:\PROGRA~3\WinZip
2014-10-11 10:53:57 -------- d-----w- C:\PROGRA~3\EA Logs
2014-10-11 10:54:00 -------- d-----w- C:\PROGRA~3\EA Core
2014-10-14 09:56:53 -------- d-----w- C:\PROGRA~3\VS Revo Group
2014-10-15 15:46:04 -------- d-----w- C:\PROGRA~3\Tunngle
2014-10-22 05:15:43 -------- d-----w- C:\PROGRA~3\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-13 03:50:36 -------- d-----w- C:\PROGRA~3\KONAMI
 
==== Chromium Look ======================
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
 
Google Docs - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GOM - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke
Google Search - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Momentum - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca
Google Drive App Launcher - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
Google Wallet - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{5828D414-C200-4750-90A9-2E9A406455E7}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"
 
==== Uninstall List x64 ======================
 
µTorrent  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent]
64 Bit HP CIO Components Installer [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F8F948EA-5AEA-4158-8821-A2F788ECE936}]
Airplane Mode Hid Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5E5B067F-52A4-447E-A3F1-D6DD10565E73}]
Airplane Mode Hid Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}]
Apple Application Support [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}]
Apple Mobile Device Support [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}]
Apple Software Update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}]
Battle.net  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Battle.net]
Battlefield 4™ [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ABADE36E-EC37-413B-8179-B432AD3FACE7}]
Battlelog Web Plugins [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Battlelog Web Plugins]
Bejeweled® 3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}]
Bonjour  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
Borderlands: The Pre-Sequel [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1]
DAEMON Tools Lite [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
DARK SOULS™ II [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 236430]
Diablo III [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Diablo III]
Don't Starve [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 219740]
Dota 2 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 570]
Dragon Age: Origins [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AEC81925-9C76-4707-84A9-40696C613ED3}]
EA SPORTS™ FIFA 15 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}]
F1 2014 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\RjEyMDE0_is1]
Far Cry 4 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Far Cry 4_is1]
Farming Simulator 15 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Farming Simulator 15_is1]
Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome]
Google Drive [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}]
Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}]
Hearthstone  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Hearthstone]
Hotkey 1.17.19 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}]
iCloud  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6096C0CC-7E19-4355-87F0-627EC5AA146D}]
Insyde Airplane Mode HID Mini-Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AirplaneModeHid]
Intel® Management Engine Components [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}]
Intel® PRO/Wireless Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c7565395-3662-4b78-8c42-e7cf02c6edd7}]
Intel® Processor Graphics [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}]
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{302600C1-6BDF-4FD1-1311-148929CC1385}]
Intel® PROSet/Wireless Software [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}]
Intel® PROSet/Wireless WiFi Software [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3181229B-05DA-46F9-B8D4-4966BDA99A74}]
Intel® Trusted Connect Service Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B5E06417-A4AC-4225-B36E-7E34C91616E7}]
iTunes  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}]
Java 8 Update 20 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86418020F0}]
Java SE Development Kit 8 Update 11 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{64A3A4F4-B792-11D6-A78A-00B0D0180110}]
Malwarebytes Anti-Malware version 2.0.2.1012 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes Anti-Malware_is1]
Microsoft ASP.NET MVC 4 Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}]
Microsoft Exchange Web Services Managed API 2.1 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}]
Microsoft Office 365 ProPlus - en-us [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\O365ProPlusRetail - en-us]
Microsoft Visual C++ 2005 Redistributable [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9A25302D-30C0-39D9-BD6F-21E6EC160475}]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}]
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}]
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}]
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{a1909659-0a08-4554-8af1-2175904903a1}]
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{95716cce-fc71-413f-8ad5-56c2892d4b3a}]
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{764384C5-BCA9-307C-9AAC-FD443662686A}]
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}]
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3D6AD258-61EA-35F5-812C-B7A02152996E}]
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E7D4E834-93EB-351F-B8FB-82CDAE623003}]
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7f51bdb9-ee21-49ee-94d6-90afc321780e}]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ce085a78-074e-4823-8dc1-8a721b94b76d}]
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{929FBD26-9020-399B-9A7A-751D61F0B942}]
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}]
Microsoft XNA Framework Redistributable 4.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}]
Middle-earth: Shadow of Mordor [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 241930]
Notepad++  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++]
NVIDIA Control Panel 344.11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel]
NVIDIA GeForce Experience 2.1.4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience]
NVIDIA GeForce Experience Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService]
NVIDIA Graphics Driver 344.11 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver]
NVIDIA Install Application [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer]
NVIDIA LED Visualizer 1.0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer]
NVIDIA Network Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service]
NVIDIA Optimus Update 16.13.65 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus]
NVIDIA PhysX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B455E95A-B804-439F-B533-336B1635AE97}]
NVIDIA PhysX System Software 9.14.0702 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX]
NVIDIA ShadowPlay 16.13.65 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay]
NVIDIA Update 16.13.65 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update]
NVIDIA Update Core [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core]
NVIDIA Virtual Audio 1.2.26 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver]
O*NET Assessment Tools [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\O*NET Assessment Tools]
Origin  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Origin]
Platform  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{20D4A895-748C-4D88-871C-FDB1695B0169}]
Razer Cortex [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Razer Cortex_is1]
Razer Synapse 2.0 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}]
Realtek Card Reader [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}]
Realtek Ethernet Controller Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}]
Respondus LockDown Browser [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}]
SHIELD Streaming [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv]
SHIELD Wireless Controller Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController]
Skype™ 6.21 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}]
Sound Blaster Cinema [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}]
Spiral Knights [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 99900]
Spotify  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spotify]
Steam  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{048298C9-A4D3-490B-9FF9-AB023A9238F3}]
Sticky Notes [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{7F806A28-6A54-485B-918A-F76F2EF6E651}]
Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]
Telegram Desktop version 0.6.15 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1]
Terraria  [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam App 105600]
The Witcher 2 - Assassins of Kings Enhanced Edition [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\The Witcher 2 - Assassins of Kings Enhanced Edition_is1]
Tunngle beta [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tunngle beta_is1]
Update for CHS Microsoft IME HAP Dictionary [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{492B13E2-5A25-4D07-8C79-6C2E2E82CBBE}]
VIA Platform Device Manager [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}]
VLC media player [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player]
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\E38E8D276444640BFCE21B5A73FD63C479B76259]
WinRAR 5.10 beta 4 (64-bit) [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver]
WinZip 18.5 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}]
 
==== HijackThis Entries ======================
 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [Sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [iTunesHelper] "C:\Games\itunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_31BAE31735360A836BC0E93856C18F3A] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [CMD] cmd.exe /c start http://ooov.net && exit
O4 - Startup: Telegram.lnk = awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\HkeyTray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\HotkeyService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Tunngle.net GmbH - E:\aden's\Games\Tunngle\TnglCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem17.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=0 folders=0 0 bytes)
 
==== EOF on Thu 27/11/2014 at 20:16:55.04 ======================
 


#4 Machiavelli

  • Malware Response Instructor

Posted 27 November 2014 - 10:27 AM

First,

====Zoek.exe====

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    C:\Users\awloong\hash.dat;f
    
    [HKEY_USERS\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Windows\CurrentVersion\Run];r
    "CMD"=-;r
    
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
    "CMD"=-;r
    autoclean;
    emptyfolderscheck;
    
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.
Next,
Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Next,
Note: The log can also be found here: C:\AdwCleaner\

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Next,

Start Zoek.exe again.

Take action to disable your antivirus and antispyware programs, as they may conflict with Zoek.exe
>> Info on how to disable your security applications > http://www.bleepingcomputer.com/forums/topic114351.html

Using Zoek.exe
  • On the Desktop, double-click Zoek.exe to start the tool.
    Windows Vista, 7 and 8 users right-click the file and select: Run as Administrator.
    Give the program a few seconds to appear.
  • Copy and paste the following script in the code box:
  • Note: This script is written for usage on this system only, do not use it on any other computer even if the problems are similar.
    standardsearch;
  • Click the "Run script" button and wait patiently.
  • When finished the logfile will be opened in notepad.
  • If a reboot is needed the logfile will be opened after reboot.
  • The zoek-results.log can also be found on your system drive.
  • Please post the logfile for further review in your next comment.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#5 wlau


Posted 27 November 2014 - 10:57 AM

Attached is the latest zoek results. 

I got rid of the gamesdoka. Thanks a lot guys!!




#6 Machiavelli


Posted 27 November 2014 - 11:01 AM

What's with the other logs?


~Machiavelli

 
 


#7 wlau


Posted 27 November 2014 - 11:08 AM

Oops. Here you go! 




#8 Machiavelli


Posted 27 November 2014 - 12:12 PM

I just want to check with FRST.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

 
 


#9 wlau


Posted 27 November 2014 - 10:00 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01

Ran by awloong (administrator) on ADENAU on 28-11-2014 10:58:37
Running from C:\Users\awloong\Downloads
Loaded Profile: awloong (Available profiles: awloong)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Hotkey\HotkeyService.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Spotify Ltd) C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(CLEVO CO.) C:\Program Files (x86)\Hotkey\HkeyTray.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Telegram Messenger LLP) C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe
(Apple Inc.) C:\Games\itunes\iTunesHelper.exe
() C:\Program Files (x86)\Hotkey\hkysound.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4681216 2014-01-02] (VIA)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-07] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM-x32\...\Run: [Sound Blaster Cinema] => C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe [711680 2013-08-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [585560 2014-06-23] (Razer Inc.)
HKLM-x32\...\Run: [OfficeScanNT Monitor] => "C:\Program Files (x86)\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
HKLM-x32\...\Run: [iTunesHelper] => C:\Games\itunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Spotify Web Helper] => C:\Users\awloong\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-13] (Spotify Ltd)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Run: [GoogleChromeAutoLaunch_31BAE31735360A836BC0E93856C18F3A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-11-25] (Google Inc.)
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Policies\Explorer: [NoLogOff] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hotkey.lnk
ShortcutTarget: Hotkey.lnk -> C:\Program Files (x86)\Hotkey\HkeyTray.exe (CLEVO CO.)
Startup: C:\Users\awloong\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Telegram.lnk
ShortcutTarget: Telegram.lnk -> C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)\Telegram.exe (Telegram Messenger LLP)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.xin.msn.com/
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB283D869EE9DCF01
HKU\S-1-5-21-429218106-2658364167-3459249354-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-SG,en;q=0.8,zh-Hans-SG;q=0.5,zh-Hans;q=0.3
SearchScopes: HKU\S-1-5-21-429218106-2658364167-3459249354-1003 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-429218106-2658364167-3459249354-1003 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = http://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Games\itunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> google.com__
CHR DefaultSearchURL: Default -> http://www.google.com/search?q={searchTerms}
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Profile: C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-04]
CHR Extension: (Google Drive) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-25]
CHR Extension: (YouTube) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-04]
CHR Extension: (GOM Web-VPN) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2014-08-12]
CHR Extension: (Google Search) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-04]
CHR Extension: (Momentum) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2014-09-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Wallet) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-04]
CHR Extension: (Gmail) - C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-04]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-07] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-10-11] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-14] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-07] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-07] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-27] (Electronic Arts)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-14] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-06-07] ()
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\HotkeyService.exe [23552 2014-01-16] () [File not signed]
S3 TunngleService; E:\aden's\Games\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2012-12-11] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3671792 2013-10-11] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AirplaneModeHid; C:\Windows\system32\DRIVERS\AirplaneModeHid.sys [26888 2013-06-27] (Insyde Corporation)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-05] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1408824 2013-10-18] (Motorola Solutions, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-06-07] (Disc Soft Ltd)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [142280 2013-10-18] (Intel Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3607520 2013-10-14] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-07] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38216 2014-10-04] (NVIDIA Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [445656 2013-11-08] (Realsil Semiconductor Corporation)
S3 rzp1endpt; C:\Windows\System32\drivers\rzp1endpt.sys [39080 2014-05-19] (Razer Inc)
S3 rzvmouse; C:\Windows\System32\drivers\rzvmouse.sys [31400 2014-05-19] (Razer Inc)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2013-12-20] (Synaptics Incorporated)
R1 SvThANSP; C:\Program Files (x86)\Hotkey\SvThANSP.sys [15224 2013-10-11] (Windows ® Win 7 DDK provider)
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 VMfilt; C:\Windows\system32\drivers\VMfilt64.sys [33456 2013-12-16] (Creative Technology Ltd.)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 10:57 - 2014-11-28 10:57 - 00000000 ____D () C:\Users\awloong\Downloads\FRST-OlderVersion
2014-11-28 00:07 - 2014-11-28 00:07 - 00028812 _____ () C:\Users\awloong\Downloads\zoek-results.txt
2014-11-27 23:44 - 2014-11-27 23:35 - 00006523 _____ () C:\zoek-results2014-11-27-153545.log
2014-11-27 23:42 - 2014-11-27 23:42 - 00000000 ____D () C:\Windows\ERUNT
2014-11-27 23:41 - 2014-11-27 23:42 - 01707532 _____ (Thisisu) C:\Users\awloong\Downloads\JRT (1).exe
2014-11-27 23:39 - 2014-11-27 23:39 - 01707532 _____ (Thisisu) C:\Users\awloong\Downloads\JRT.exe
2014-11-27 23:38 - 2014-11-27 23:40 - 00000000 ____D () C:\AdwCleaner
2014-11-27 23:38 - 2014-11-27 23:38 - 02148864 _____ () C:\Users\awloong\Downloads\AdwCleaner.exe
2014-11-27 23:35 - 2014-11-27 23:35 - 00000000 ____D () C:\Users\awloong\AppData\Local\VirtualStore
2014-11-27 23:28 - 2014-11-27 20:16 - 00102373 _____ () C:\zoek-results2014-11-27-121655.log
2014-11-27 20:04 - 2014-11-26 12:48 - 00126872 _____ () C:\zoek-results2014-11-26-044847.log
2014-11-26 12:36 - 2014-11-26 00:26 - 00007159 _____ () C:\zoek-results2014-11-25-162627.log
2014-11-26 00:25 - 2014-11-27 23:34 - 00000000 ____D () C:\zoek_backup
2014-11-26 00:24 - 2014-11-26 00:25 - 01294848 _____ () C:\Users\awloong\Downloads\zoek.exe
2014-11-25 23:50 - 2014-11-25 23:50 - 00054023 _____ () C:\Users\awloong\Downloads\FRST (1).txt
2014-11-25 23:47 - 2014-11-28 10:58 - 00020289 _____ () C:\Users\awloong\Downloads\FRST.txt
2014-11-25 23:45 - 2014-11-28 10:57 - 02117632 _____ (Farbar) C:\Users\awloong\Downloads\FRST64.exe
2014-11-22 21:47 - 2014-11-22 21:47 - 00002296 _____ () C:\Users\awloong\Downloads\BOSS_Class_Timetable_UGRD_1410 (1).csv
2014-11-21 14:01 - 2014-11-21 14:01 - 00457554 _____ () C:\Users\awloong\Downloads\lecture11 (1).pptx
2014-11-19 20:16 - 2014-11-19 20:16 - 01717235 _____ () C:\Users\awloong\Downloads\lecture10 (1).pptx
2014-11-19 19:11 - 2014-10-04 03:23 - 00038216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-11-19 19:11 - 2014-10-04 03:23 - 00032584 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-11-19 16:06 - 2014-11-10 07:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 16:06 - 2014-11-10 07:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 16:06 - 2014-11-10 07:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 16:06 - 2014-11-10 07:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-19 12:38 - 2014-11-19 12:38 - 00007602 _____ () C:\Users\awloong\AppData\Local\Resmon.ResmonCfg
2014-11-16 19:08 - 2014-11-16 19:08 - 01080496 _____ (Unity Technologies ApS) C:\Users\awloong\Downloads\UnityWebPlayer.exe
2014-11-14 18:12 - 2014-11-14 18:12 - 00008161 _____ () C:\Users\awloong\Downloads\buggy2014-1.zip
2014-11-14 18:10 - 2014-11-14 18:12 - 00000000 ____D () C:\Users\awloong\Downloads\week13
2014-11-14 18:10 - 2014-11-14 18:10 - 00174380 _____ () C:\Users\awloong\Downloads\week13.zip
2014-11-13 11:50 - 2014-11-13 11:50 - 00000000 ____D () C:\Users\awloong\Documents\KONAMI
2014-11-13 11:50 - 2014-11-13 11:50 - 00000000 ____D () C:\ProgramData\KONAMI
2014-11-12 19:09 - 2014-11-12 19:09 - 02666267 _____ () C:\Users\awloong\Downloads\3747549.flv
2014-11-12 19:06 - 2014-11-12 19:06 - 03394012 _____ () C:\Users\awloong\Downloads\3747540.flv
2014-11-12 19:00 - 2014-11-12 19:00 - 45436119 _____ () C:\Users\awloong\Downloads\3722022_hd.flv
2014-11-12 13:02 - 2014-09-22 12:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 13:02 - 2014-09-22 11:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 13:02 - 2014-09-22 11:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 13:02 - 2014-09-22 10:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 13:02 - 2014-09-19 08:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 13:02 - 2014-09-03 06:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 13:02 - 2014-09-03 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 13:01 - 2014-11-05 07:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 13:01 - 2014-11-04 08:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 13:01 - 2014-10-31 13:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 13:01 - 2014-10-31 12:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-12 13:01 - 2014-10-31 12:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 13:01 - 2014-10-31 12:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-12 13:01 - 2014-10-13 10:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 13:01 - 2014-10-11 08:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 13:01 - 2014-10-11 08:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 13:01 - 2014-10-08 15:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 13:01 - 2014-10-08 15:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 13:01 - 2014-10-08 14:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 13:01 - 2014-10-08 13:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 13:01 - 2014-10-08 13:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 13:01 - 2014-09-27 15:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 13:01 - 2014-09-27 13:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 13:01 - 2014-09-27 11:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 13:01 - 2014-09-27 11:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 13:01 - 2014-09-27 11:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 13:00 - 2014-10-31 13:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 13:00 - 2014-10-31 13:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 13:00 - 2014-10-31 13:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 13:00 - 2014-10-31 13:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 13:00 - 2014-10-31 13:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 13:00 - 2014-10-31 13:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 13:00 - 2014-10-31 13:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 13:00 - 2014-10-31 13:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 13:00 - 2014-10-31 13:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 13:00 - 2014-10-31 13:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 13:00 - 2014-10-31 12:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 13:00 - 2014-10-31 12:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 13:00 - 2014-10-31 12:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 13:00 - 2014-10-31 12:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 13:00 - 2014-10-31 12:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 13:00 - 2014-10-31 12:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 13:00 - 2014-10-31 12:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 13:00 - 2014-10-31 12:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 13:00 - 2014-10-31 12:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 13:00 - 2014-10-31 12:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 13:00 - 2014-10-31 12:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 13:00 - 2014-10-31 12:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 13:00 - 2014-10-31 12:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 13:00 - 2014-10-31 12:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 13:00 - 2014-10-31 12:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 13:00 - 2014-10-31 12:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 13:00 - 2014-10-31 12:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 13:00 - 2014-10-31 12:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 13:00 - 2014-10-31 12:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 13:00 - 2014-10-31 12:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 13:00 - 2014-10-31 12:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 13:00 - 2014-10-31 12:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 13:00 - 2014-10-31 12:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 13:00 - 2014-10-31 12:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 13:00 - 2014-10-31 12:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 13:00 - 2014-10-31 12:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 13:00 - 2014-10-31 12:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 13:00 - 2014-10-31 12:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 13:00 - 2014-10-31 11:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 13:00 - 2014-10-31 11:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 13:00 - 2014-10-31 11:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 13:00 - 2014-10-31 11:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 13:00 - 2014-10-31 11:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 13:00 - 2014-10-31 11:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 13:00 - 2014-10-31 11:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 13:00 - 2014-10-31 11:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 13:00 - 2014-10-31 11:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 13:00 - 2014-10-31 11:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 13:00 - 2014-10-31 11:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 13:00 - 2014-10-31 11:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 13:00 - 2014-10-31 11:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 13:00 - 2014-10-31 11:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 13:00 - 2014-10-31 11:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 13:00 - 2014-10-31 11:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 13:00 - 2014-10-31 11:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 13:00 - 2014-10-31 11:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 13:00 - 2014-10-31 11:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 13:00 - 2014-10-31 11:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 13:00 - 2014-10-31 11:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 13:00 - 2014-10-31 11:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 13:00 - 2014-10-31 11:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 13:00 - 2014-10-31 11:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 13:00 - 2014-10-31 11:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 13:00 - 2014-10-31 11:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 13:00 - 2014-10-31 11:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 13:00 - 2014-10-31 11:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 13:00 - 2014-10-31 11:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 13:00 - 2014-10-31 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 13:00 - 2014-10-31 10:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 13:00 - 2014-10-31 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 13:00 - 2014-10-31 10:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 13:00 - 2014-10-31 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 13:00 - 2014-10-31 10:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 13:00 - 2014-10-31 10:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 13:00 - 2014-10-31 10:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 13:00 - 2014-10-31 10:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 13:00 - 2014-10-31 10:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 13:00 - 2014-10-31 10:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 13:00 - 2014-10-31 10:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 13:00 - 2014-10-31 10:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 13:00 - 2014-10-31 10:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 13:00 - 2014-10-31 10:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 13:00 - 2014-10-31 10:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 13:00 - 2014-10-31 10:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 13:00 - 2014-10-31 10:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 13:00 - 2014-10-31 10:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 13:00 - 2014-10-31 10:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 12:59 - 2014-10-10 09:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 12:59 - 2014-10-10 09:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 12:59 - 2014-10-10 09:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 12:59 - 2014-10-08 15:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 12:59 - 2014-10-08 15:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 12:59 - 2014-10-08 15:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 12:59 - 2014-10-08 15:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 12:59 - 2014-10-08 14:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 12:59 - 2014-10-08 14:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 12:59 - 2014-10-08 14:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 12:59 - 2014-10-08 14:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 12:59 - 2014-10-08 14:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 12:59 - 2014-10-08 13:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 12:58 - 2014-10-23 13:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 12:58 - 2014-10-23 13:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 12:58 - 2014-10-18 17:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 12:58 - 2014-10-18 16:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 12:58 - 2014-10-18 16:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 12:58 - 2014-10-18 15:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 12:58 - 2014-10-18 14:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 12:58 - 2014-10-18 14:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 12:58 - 2014-10-18 14:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 12:58 - 2014-10-18 14:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 12:58 - 2014-10-18 14:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 12:58 - 2014-10-18 14:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 12:58 - 2014-10-18 14:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 12:58 - 2014-10-18 14:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 12:58 - 2014-10-18 14:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 12:58 - 2014-10-18 14:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 12:58 - 2014-10-18 14:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 12:58 - 2014-10-18 14:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 12:58 - 2014-10-17 15:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 12:58 - 2014-10-17 14:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 12:58 - 2014-10-07 14:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 12:58 - 2014-10-07 14:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 12:58 - 2014-10-07 14:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 12:58 - 2014-10-07 11:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 12:58 - 2014-10-07 11:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 12:58 - 2014-10-07 11:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 12:58 - 2014-10-07 11:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 12:58 - 2014-10-07 09:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 12:58 - 2014-10-07 09:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 12:58 - 2014-09-08 11:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 12:58 - 2014-09-05 06:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 12:58 - 2014-09-04 11:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 12:58 - 2014-08-31 08:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 12:58 - 2014-08-31 06:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 12:58 - 2014-08-31 05:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 12:58 - 2014-08-28 10:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 12:58 - 2014-08-23 13:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 12:58 - 2014-08-23 13:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 12:58 - 2014-08-23 13:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 12:58 - 2014-08-23 12:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 12:57 - 2014-09-10 14:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 12:57 - 2014-09-08 11:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 12:57 - 2014-09-08 06:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 12:57 - 2014-09-05 06:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 12:57 - 2014-09-04 10:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 12:57 - 2014-09-04 09:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 12:57 - 2014-09-04 08:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 12:57 - 2014-08-31 08:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 12:57 - 2014-08-31 06:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 12:57 - 2014-08-31 05:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 12:57 - 2014-08-31 04:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 12:57 - 2014-08-31 04:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 12:57 - 2014-08-28 08:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 12:57 - 2014-08-28 08:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 12:57 - 2014-08-23 13:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 12:57 - 2014-08-02 08:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 12:57 - 2014-08-02 08:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 17:18 - 2014-11-11 17:23 - 01816618 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited) (2).pptx
2014-11-11 16:03 - 2014-11-11 16:03 - 00457554 _____ () C:\Users\awloong\Downloads\lecture11.pptx
2014-11-11 15:55 - 2014-11-11 15:55 - 00099616 _____ () C:\Users\awloong\Downloads\2013-141-Lab-Test-2.zip
2014-11-11 15:55 - 2014-11-11 15:55 - 00091619 _____ () C:\Users\awloong\Downloads\2013-141-Lab-Test-3.zip
2014-11-11 15:45 - 2014-11-11 15:45 - 01855984 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited) (1).pptx
2014-11-11 15:37 - 2014-11-11 15:37 - 01855984 _____ () C:\Users\awloong\Downloads\Instagram Final Slides (Edited).pptx
2014-11-11 12:18 - 2014-11-11 12:18 - 00006755 _____ () C:\Users\awloong\Downloads\Buggy-1.zip
2014-11-11 12:17 - 2014-11-11 12:17 - 00006884 _____ () C:\Users\awloong\Downloads\DVDRental.zip
2014-11-11 12:17 - 2014-11-11 12:17 - 00006597 _____ () C:\Users\awloong\Downloads\Buggy-2.zip
2014-11-10 00:14 - 2014-11-10 00:14 - 00022046 _____ () C:\Users\awloong\Downloads\312C.tmp
2014-11-08 22:18 - 2014-11-27 16:37 - 00000747 _____ () C:\Users\Public\Desktop\FIFA 15.lnk
2014-11-08 22:18 - 2014-11-08 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 15
2014-11-08 15:38 - 2014-10-30 12:53 - 31890064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 24554824 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 20922696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 19966856 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 18497600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 17258696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 14029400 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 13942368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 13189832 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-11-08 15:38 - 2014-10-30 12:53 - 11395672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 11333848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 04289856 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 04011840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 02849224 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434460.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434460.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00961224 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00932168 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00922944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00896144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00502080 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00416912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00391824 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00349504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-11-08 15:38 - 2014-10-30 12:53 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-11-06 21:47 - 2014-11-06 21:47 - 00027443 _____ () C:\Users\awloong\Downloads\Project.zip
2014-11-06 13:54 - 2014-11-06 13:54 - 00000000 ____D () C:\Users\Default\AppData\Local\Google
2014-11-06 01:14 - 2014-11-06 01:14 - 12442499 _____ () C:\Users\awloong\Downloads\102396.flv
2014-11-03 20:31 - 2014-11-03 22:35 - 00036526 _____ () C:\Users\awloong\Downloads\stats survey compiled.xlsx
2014-11-03 19:11 - 2014-11-03 19:38 - 00017756 _____ () C:\Users\awloong\Downloads\stats survey.xlsx
2014-11-02 19:56 - 2014-11-02 19:56 - 40953492 _____ () C:\Users\awloong\Downloads\Couple Handjob Masturbation Park Bench 1 & 2 [EDIT ENHANCED] [Konus Konusvue Giant 20x80 & Camera Phone] Approx 50m.avi
2014-11-01 21:33 - 2014-11-01 21:33 - 00007837 _____ () C:\Users\awloong\Downloads\TEABAGS2014.xlsx
2014-11-01 21:33 - 2014-11-01 21:33 - 00000165 ____H () C:\Users\awloong\Downloads\~$TEABAGS2014.xlsx
2014-10-30 17:20 - 2014-10-30 23:28 - 00075129 _____ () C:\Users\awloong\Downloads\Data-for-group-project.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-28 10:58 - 2014-09-13 13:09 - 00000000 ____D () C:\FRST
2014-11-28 10:57 - 2014-09-29 22:08 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ADENAU-awloong AdenAu
2014-11-28 10:57 - 2014-09-05 00:02 - 00000000 ___RD () C:\Users\awloong\Google Drive
2014-11-28 10:57 - 2014-06-04 21:53 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Skype
2014-11-28 10:56 - 2014-06-05 23:39 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-28 10:56 - 2014-06-05 01:09 - 00000000 ___DO () C:\Users\awloong\OneDrive
2014-11-28 10:56 - 2014-03-16 18:17 - 01257321 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 10:56 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-28 00:29 - 2014-06-04 16:13 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-429218106-2658364167-3459249354-1003
2014-11-28 00:15 - 2014-06-04 16:58 - 00000000 ____D () C:\Users\awloong\AppData\Local\Razer
2014-11-28 00:15 - 2014-06-04 16:11 - 00000000 ____D () C:\ProgramData\Razer
2014-11-28 00:15 - 2014-06-04 16:10 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-28 00:14 - 2014-06-04 16:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-11-27 23:59 - 2014-06-05 23:39 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-27 23:47 - 2014-03-16 18:24 - 00892952 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-27 23:40 - 2014-03-16 19:39 - 00487310 _____ () C:\Windows\PFRO.log
2014-11-27 23:40 - 2013-08-22 22:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-27 23:35 - 2013-08-22 21:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-27 23:34 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong
2014-11-27 20:03 - 2014-06-07 16:02 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\vlc
2014-11-27 16:36 - 2014-06-07 16:59 - 00000000 ____D () C:\ProgramData\Origin
2014-11-27 16:36 - 2014-06-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-27 16:28 - 2013-08-22 23:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-27 16:26 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-27 12:03 - 2014-09-09 23:33 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Telegram Win (Unofficial)
2014-11-27 09:00 - 2014-06-05 23:41 - 00002210 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-27 08:29 - 2014-06-05 23:39 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-24 07:54 - 2014-06-04 15:43 - 00000000 ____D () C:\Users\awloong\AppData\Local\Packages
2014-11-22 23:28 - 2014-03-25 13:37 - 00018923 _____ () C:\Windows\setupact.log
2014-11-18 15:39 - 2014-06-08 01:20 - 00357376 ___SH () C:\Users\awloong\Desktop\Thumbs.db
2014-11-18 12:02 - 2014-06-04 16:55 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\uTorrent
2014-11-18 10:20 - 2014-08-31 17:33 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-17 23:53 - 2014-06-05 23:54 - 00000000 ____D () C:\Users\awloong\Documents\My Games
2014-11-17 11:53 - 2014-10-07 15:26 - 00000000 ____D () C:\Users\awloong\AppData\Local\WinZip
2014-11-16 11:32 - 2014-06-05 23:39 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-15 13:33 - 2014-08-26 19:29 - 00000000 ____D () C:\Users\awloong\AppData\Local\Battle.net
2014-11-15 13:11 - 2013-08-22 23:36 - 00000000 ____D () C:\Windows\rescache
2014-11-12 15:27 - 2013-08-22 22:44 - 00481176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 14:57 - 2014-07-12 00:21 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-12 14:57 - 2013-08-22 23:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 13:38 - 2014-03-16 18:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 13:36 - 2014-03-16 18:36 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 22:45 - 2014-06-14 23:51 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\Spotify
2014-11-09 22:05 - 2014-06-14 23:53 - 00000000 ____D () C:\Users\awloong\AppData\Local\Spotify
2014-11-08 22:10 - 2014-06-07 17:05 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-08 22:02 - 2014-05-31 13:09 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-07 01:06 - 2014-07-29 23:16 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-11-07 01:06 - 2014-07-29 23:16 - 01291280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-11-07 01:06 - 2014-05-31 13:09 - 02800296 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-11-07 01:06 - 2014-05-31 13:09 - 02197680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-11-06 13:55 - 2014-09-05 00:01 - 00002065 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00002063 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00002053 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-06 13:55 - 2014-09-05 00:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-03 13:22 - 2014-06-26 18:42 - 00000000 ____D () C:\Users\awloong\AppData\Roaming\NVIDIA
2014-10-31 19:08 - 2014-06-04 21:53 - 00000000 ____D () C:\ProgramData\Skype
2014-10-30 19:25 - 2014-03-16 18:33 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 12:53 - 2014-10-02 00:43 - 20966504 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-10-30 12:53 - 2014-10-02 00:43 - 16886168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-10-30 12:53 - 2014-05-31 13:07 - 03237528 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-10-30 12:53 - 2014-05-31 13:07 - 00027024 _____ () C:\Windows\system32\nvinfo.pb
2014-10-30 08:55 - 2013-08-22 23:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 08:55 - 2013-08-22 23:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\awloong\AppData\Local\Temp\Quarantine.exe
C:\Users\awloong\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-24 16:57
 
==================== End Of Log ============================
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by awloong at 2014-11-28 10:58:58
Running from C:\Users\awloong\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Trend Micro OfficeScan Antivirus (Disabled - Up to date) {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
AS: Trend Micro OfficeScan Anti-spyware (Disabled - Up to date) {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 16.2.1 - Hewlett-Packard) Hidden
Airplane Mode Hid Installer (HKLM-x32\...\InstallShield_{5E5B067F-52A4-447E-A3F1-D6DD10565E73}) (Version: 2.0.0.6 - )
Airplane Mode Hid Installer (x32 Version: 2.0.0.6 - ) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.3.2.3825 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Borderlands: The Pre-Sequel (HKLM-x32\...\Qm9yZGVybGFuZHNUaGVQcmVTZXF1ZWw=_is1) (Version: 1 - )
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version:  - FromSoftware, Inc)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Dragon Age: Origins (HKLM-x32\...\{AEC81925-9C76-4707-84A9-40696C613ED3}) (Version: 1.05.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Hotkey 1.17.19 (HKLM-x32\...\{2F385B5D-5F23-4513-B3CE-9F5E4F4B882A}) (Version: 1.17.19 - )
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Insyde Airplane Mode HID Mini-Driver (HKLM\...\AirplaneModeHid) (Version: 1.3.0.0 - Insyde Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1342.2) (HKLM\...\{302600C1-6BDF-4FD1-1311-148929CC1385}) (Version: 3.1.1311.0402 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{105fa5c4-72e1-41f2-a82c-884d8aa4b381}) (Version: 16.6.0 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 20 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418020F0}) (Version: 8.0.200 - Oracle Corporation)
Java SE Development Kit 8 Update 11 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180110}) (Version: 8.0.110 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Middle-earth: Shadow of Mordor (HKLM-x32\...\Steam App 241930) (Version:  - Monolith Productions, Inc.)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
O*NET Assessment Tools (HKLM-x32\...\O*NET Assessment Tools) (Version:  - )
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.7.2799 - Electronic Arts, Inc.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.21244 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sound Blaster Cinema (HKLM-x32\...\{8801CA65-921A-4CCC-9D63-879D1D0BAA97}) (Version: 1.00.05 - Creative Technology Limited)
Spotify (HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.5.0 - Synaptics Incorporated)
Telegram Desktop version 0.6.15 (HKU\S-1-5-21-429218106-2658364167-3459249354-1003\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.6.15 - Telegram Messenger LLP)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
Tunngle beta (HKLM-x32\...\Tunngle beta_is1) (Version:  - Tunngle.net GmbH)
Update for CHS Microsoft IME HAP Dictionary (Version: 16.0.1165.1 - Microsoft Corporation) Hidden
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Insyde (AirplaneModeHid) HIDClass  (07/01/2013 1.3.0.0) (HKLM\...\E38E8D276444640BFCE21B5A73FD63C479B76259) (Version: 07/01/2013 1.3.0.0 - Insyde)
WinRAR 5.10 beta 4 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.4 - win.rar GmbH)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
27-11-2014 01:21:38 Scheduled Checkpoint
27-11-2014 16:15:23 Removed Sticky Notes
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2013-08-22 21:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0283BA0F-8089-4A7D-BB78-9D6372733074} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {166615D9-47CA-41EE-9EF4-CA2D74E8BCE3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ADENAU-awloong AdenAu => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-07] (Microsoft Corporation)
Task: {2D11375D-C793-4ABA-B243-739F13E6FA66} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-20] (Synaptics Incorporated)
Task: {2EFEE14A-7620-4A12-B4F9-B2716138C358} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-05] (Google Inc.)
Task: {3D1C0340-1F9F-4342-B652-9F2589AFAECB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {650B267C-9D9B-491F-A242-DC34FF914AF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-10-22] (Microsoft Corporation)
Task: {C5DB6A71-1AF8-4F2E-8EED-17E6924C3C12} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {C8B3BB63-598E-4BFF-98FB-5E4D6D3BF37D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-10-07] (Microsoft Corporation)
Task: {E807FE49-01B2-4E42-97C2-4278FFB8E80E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {EB6BA706-48A4-4E5E-BD1F-BEF10CA470AF} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-08-31 17:33 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-06-07 20:02 - 2014-06-07 20:02 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-03-25 14:09 - 2014-01-16 11:34 - 00023552 _____ () C:\Program Files (x86)\Hotkey\HotkeyService.exe
2014-05-31 13:09 - 2014-09-14 05:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-11-18 10:19 - 2014-09-23 21:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-03-16 19:26 - 2012-11-13 23:22 - 00078456 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2014-03-16 19:26 - 2012-11-13 23:22 - 00386168 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2014-03-16 19:27 - 2012-11-01 11:23 - 00089600 _____ () C:\Windows\SYSTEM32\CmdRtr64.DLL
2014-03-16 19:27 - 2012-11-01 11:21 - 00325120 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2014-03-25 14:09 - 2014-01-24 16:21 - 00031736 _____ () C:\Program Files (x86)\Hotkey\hkysound.exe
2014-11-18 10:19 - 2014-11-18 10:19 - 00393376 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-16 19:25 - 2013-12-09 15:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-27 09:00 - 2014-11-25 14:39 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libglesv2.dll
2014-11-27 09:00 - 2014-11-25 14:39 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\libegl.dll
2014-11-27 09:00 - 2014-11-25 14:39 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\pdf.dll
2014-11-27 09:00 - 2014-11-25 14:39 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\ffmpegsumo.dll
2014-11-28 10:56 - 2014-11-28 10:56 - 00098816 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32api.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00110080 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\pywintypes27.dll
2014-11-28 10:56 - 2014-11-28 10:56 - 00364544 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\pythoncom27.dll
2014-11-28 10:56 - 2014-11-28 10:56 - 00045568 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_socket.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 01160704 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_ssl.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00320512 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32com.shell.shell.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00713216 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_hashlib.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 01175040 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._core_.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00805888 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._gdi_.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00811008 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._windows_.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 01062400 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._controls_.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00735232 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._misc_.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00128512 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_elementtree.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00127488 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\pyexpat.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00557056 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\pysqlite2._sqlite.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00087552 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_ctypes.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00119808 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32file.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00108544 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32security.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00007168 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\hashobjs_ext.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00167936 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32gui.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00018432 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32event.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00038912 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32inet.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00011264 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32crypt.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00070656 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._html2.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00027136 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\_multiprocessing.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00035840 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32process.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00686080 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\unicodedata.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00122368 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._wizard.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00024064 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32pipe.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00025600 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32pdh.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00525640 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\windows._lib_cacheinvalidation.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00010240 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\select.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00017408 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32profile.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00022528 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\win32ts.pyd
2014-11-28 10:56 - 2014-11-28 10:56 - 00078336 _____ () C:\Users\awloong\AppData\Local\Temp\_MEI27122\wx._animate.pyd
2014-11-27 09:00 - 2014-11-25 14:39 - 14910280 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\awloong\OneDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-429218106-2658364167-3459249354-500 - Administrator - Disabled)
awloong (S-1-5-21-429218106-2658364167-3459249354-1003 - Administrator - Enabled) => C:\Users\awloong
Guest (S-1-5-21-429218106-2658364167-3459249354-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-429218106-2658364167-3459249354-1005 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/28/2014 00:23:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17284, time stamp: 0x53f816dc
Faulting module name: combase.dll, version: 6.3.9600.17031, time stamp: 0x53087867
Exception code: 0xc0000005
Fault offset: 0x0000000000173eaf
Faulting process id: 0x132c
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
 
System errors:
=============
Error: (11/28/2014 00:14:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The RzKLService service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (11/27/2014 11:57:57 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (11/27/2014 11:53:15 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:52:45 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:52:15 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:51:45 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:51:15 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:50:45 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:50:15 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (11/27/2014 11:50:13 PM) (Source: DCOM) (EventID: 10010) (User: ADENAU)
Description: {3C5E2B20-B911-44E2-A2DD-9F05E7B5E775}
 
 
Microsoft Office Sessions:
=========================
Error: (11/28/2014 00:23:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.3.9600.1728453f816dccombase.dll6.3.9600.1703153087867c00000050000000000173eaf132c01d00a5b02be88acC:\Windows\Explorer.EXEC:\Windows\SYSTEM32\combase.dllbe61ba95-7651-11e4-829f-a088696b894b
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-27 23:38:38.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-27 23:38:38.513
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-20 12:12:47.811
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-19 13:03:26.229
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-15 13:07:28.472
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-10 11:23:53.743
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-11-02 19:37:28.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-30 17:12:52.735
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-24 12:06:22.591
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-10-21 13:18:57.727
  Description: Code Integrity determined that a process (\Device\HarddiskVolume6\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume6\Windows\System32\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8111.96 MB
Available physical RAM: 5323.1 MB
Total Pagefile: 9391.96 MB
Available Pagefile: 6439.04 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:118.73 GB) (Free:16.6 GB) NTFS
Drive e: (Rubbish) (Fixed) (Total:931.39 GB) (Free:440.78 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: 104E4E84)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,016 posts
  • Gender:Male
  • Location:Germany

Posted 28 November 2014 - 12:46 AM

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
  • Tick the box next to YES, I accept the Terms of Use and click Start
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
  • Make sure the options Remove found threats and Enable Anti-Stealth technology are checked:
  • Click Start. (This scan can take several hours, so please be patient):
  • Once the scan is completed, select List of found threats:
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
  • Click the Back button.
  • Click the Finish button:
  • Use Notepad to open the saved log file (on your Desktop - ESET.txt)
  • Copy and paste that log as a reply to this topic.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

 
 


#11 wlau


Posted 28 November 2014 - 10:33 AM

C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll a variant of Win32/Systweak.N potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe a variant of Win32/Systweak potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe a variant of Win32/Systweak.L potentially unwanted application deleted - quarantined
C:\Users\awloong\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/Somoto.G potentially unwanted application deleted - quarantined
C:\Users\awloong\Downloads\winzip18.exe a variant of Win32/InstallCore.QH potentially unwanted application deleted - quarantined


#12 Machiavelli


Posted 28 November 2014 - 11:56 AM

How is your system running?

~Machiavelli



#13 wlau


Posted 28 November 2014 - 10:56 PM

It's running greatly!! Couldn't be more appreciative, thanks so much!



#14 Machiavelli


Posted 29 November 2014 - 07:10 AM

Hello,
in my opinion your PC is clean.

We need to remove the tools we've used while cleaning your machine:
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
  • Click Run
The program will run for a few moments and then Notepad will open with a log. Please paste the log in your next reply.

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the Windows Update icon will appear in your taskbar when new updates are available; whenever you see it, you should open the menu and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe!

~Machiavelli



#15 wlau


Posted 29 November 2014 - 07:18 AM

Thank you! 
 
# DelFix v10.8 - Logfile created 29/11/2014 at 20:18:02
# Updated 29/07/2014 by Xplode
# Username : awloong - ADENAU
# Operating System : Windows 8.1  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\awloong\Downloads\FRST-OlderVersion
Deleted : C:\zoek-results2014-11-25-162627.log
Deleted : C:\zoek-results2014-11-26-044847.log
Deleted : C:\zoek-results2014-11-27-121655.log
Deleted : C:\zoek-results2014-11-27-153545.log
Deleted : C:\Users\awloong\Downloads\Addition.txt
Deleted : C:\Users\awloong\Downloads\AdwCleaner.exe
Deleted : C:\Users\awloong\Downloads\Fixlog.txt
Deleted : C:\Users\awloong\Downloads\FRST (1).txt
Deleted : C:\Users\awloong\Downloads\FRST.txt
Deleted : C:\Users\awloong\Downloads\FRST64.exe
Deleted : C:\Users\awloong\Downloads\JRT (1).exe
Deleted : C:\Users\awloong\Downloads\JRT.exe
Deleted : C:\Users\awloong\Downloads\zoek-results.txt
Deleted : C:\Users\awloong\Downloads\zoek.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #4 [Removed Sticky Notes | 11/27/2014 16:15:23]
Deleted : RP #5 [Installed DirectX | 11/29/2014 11:09:03]
 
New restore point created !
 
########## - EOF - ##########




